Archive for March, 2009

March 27th, 2009


Will Conficker.C Blow up on us April 1?

March 25th, 2009

Conficker has gotten more than its share of coverage as probably the most important malware in the last year, but this next week will see a whole lot more. The latest variant of the worm, Conficker.C, is programmed to do something on April 1. Exactly what it’s going to do and how big a deal it will be for all of us, nobody can really say for sure.

The A and especially B variants of this worm (also known as Downadup) built a botnet in the several million system range, almost exclusively through exploitation of the MS08-067 vulnerability in Windows. Conficker added some innovative techniques to update itself through a large number of domains, the names of which were algorithmically generated by the program. Because the names were deterministic, it was possible for the DNS authorities (VeriSign, et al) to block the names and, with few exceptions, the worm has been unable to spread since that point several weeks ago.

Then C came along. It adds a number of defensive measures designed to protect itself from detection and removal and it ratchets up the number of domains it can check for updates. As this very large and thorough analysis of Conficker.C from SRI International says, “…Conficker C increases the number of daily domain names generated, from 250 to 50,000 potential Internet rendezvous points. Of these 50,000 domains, only 500 are queried, and unlike previous versions, they are queried only once per day.” Thus C should generate less traffic than the earlier versions, especially inasmuch as it filters the IP addresses for these domains to make them work better and avoid detection.
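The blocking approach described above depends on the name generator being deterministic. The sketch below is an added example, not Conficker's algorithm and not code from SRI's analysis: a constructed date-seeded generator over reserved TLDs stands in for the real one, a constructed resolver log is matched against the precomputed list, and the 50,000/500 figures from the quote are used to work out how often a host reaches a name that was left unblocked, assuming each host picks its 500 names uniformly at random.

```python
import hashlib
from datetime import date
from math import prod

DAILY_POOL = 50_000     # candidate names per day (figure quoted from SRI)
DAILY_QUERIED = 500     # names each infected host queries per day (same quote)
TLDS = ("example", "test", "invalid")  # reserved TLDs, constructed for this demo

def daily_candidates(day: date, count: int = DAILY_POOL) -> list[str]:
    """Toy date-seeded generator: same day in, same names out, on every host."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:10])
        names.append(f"{label}.{TLDS[digest[10] % len(TLDS)]}")
    return names

def reach_probability(unblocked: int) -> float:
    """Chance that one host's 500 picks include at least one of `unblocked`
    names left reachable (assumption: picks are uniform, without replacement)."""
    miss = prod((DAILY_POOL - unblocked - i) / (DAILY_POOL - i)
                for i in range(DAILY_QUERIED))
    return 1.0 - miss

def flag_hosts(dns_log: list[str], blocklist: set[str]) -> dict[str, int]:
    """Count, per client IP, the queries for names on the precomputed list."""
    hits: dict[str, int] = {}
    for line in dns_log:
        _ts, client, qname = line.split()
        if qname.lower().rstrip(".") in blocklist:
            hits[client] = hits.get(client, 0) + 1
    return hits

if __name__ == "__main__":
    day = date(2009, 4, 1)
    pool = daily_candidates(day)
    blocklist = set(pool)   # what a registry or resolver operator can precompute
    # Constructed resolver log lines: "<time> <client> <qname>"
    log = [
        f"00:01:07 10.0.0.21 {pool[17]}",
        "00:01:09 10.0.0.35 www.example.org",
        f"00:02:44 10.0.0.21 {pool[40211].upper()}.",
        f"00:03:10 10.0.0.8 {pool[3]}",
    ]
    print(flag_hosts(log, blocklist))
    for gap in (1, 10, 100):
        print(gap, round(reach_probability(gap), 4))
```

A single unblocked name is reached by about 1% of hosts per day under these assumptions, which is why covering the whole 50,000-name pool matters far more than it did with 250 names.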

Avoiding detection is a major theme with Conficker.C. It’s not the first malware to try to defend itself in-memory against security software and diagnostic tools, but C does a lot of this. For instance, it disables Windows Automatic Updates and the Windows Security Center. My impression from talking to anti-malware vendors is that they can still detect it and I’m inclined to believe them; after all, there are just a few variants of Conficker and they’re well-understood.

Some security experts such as Eset are urging you to back up in advance of April 1 and to make sure that your security software is working properly. Of course (and they say this too) these are things you should do in any event. But make sure that the update mechanisms for Windows and your anti-malware are actually running, because Conficker can turn them off.

But the big news with C is that the code is scheduled to come alive on April 1 and start contacting the 50,000 domains and download something. What will they download? What will it make the bots do? Honestly, nobody knows. This is the great mystery.

Another question you might ask is if the DNS powers that be stopped the propagation mechanism for Conficker A and B, how did C spread? Perhaps it’s not that widespread after all? I asked Richard Wang, Manager SophosLabs, US about this. He stresses that it’s hard to know for sure how much Conficker C is out there because they’re lying low until April 1. Among their customers C is 6% of the Conficker population, but it’s not clear if that’s representative of the world overall. It is possible for C to spread in part because there is a direct push mechanism in B, allowing an outside system to contact it and provide a domain name from which it should download an update, presumably C.

Conficker is really sophisticated as malware goes. It’s clear that its authors are smart people and perhaps that’s what’s got security people worried. But the only rational way to approach this is to do the things you know you need to do anyway and then not get hung up on it. Remember, there’s a very good chance that on April 1 nothing much will happen.


Telstra’s Turbo 21 HSPA modem reviewed: not 21Mbps but still the world’s fastest

March 24th, 2009

Telstra loves to brag about being the “world’s fastest national mobile broadband network.” And they should after a recent 21Mbps (theoretical) upgrade to its Next G network in Australia’s major cities. Of course real-world performance won’t come close to that but the PC-only, Telstra Turbo 21 USB modem likely smokes any over the air setup you’ve been using. ZDNET tested the Turbo 21 in Sydney and found performance landing on “the right side of excellent.” Performance peaked at about 6Mbps but this was variable at best. Still it was the fastest modem that ZDNET’s seen in their testing. Yours, or more likely your company’s, for AU$499 or AU$299 when bundled with a data pack.


Techshow 17-03-09

March 22nd, 2009


Microsoft’s IE8 Catches Most ‘Social Malware’

March 20th, 2009

A study by NSS Labs of 6 major web browsers shows a large difference in their ability to block “socially engineered malware.”

NSS Labs is an independent entity with business in many areas unrelated to this, but it’s important to note that the study was funded by Microsoft.

That said, and even though the study shows IE8 and its new SmartScreen filter head and shoulders above all other browsers, the funding does not make the study illegitimate. “Socially engineered malware,” as they put it, is arguably the most important form of malware these days. We’ve reported on it many times in the last year, with recent examples here, here and here. The basic idea is that the user is enticed into visiting a web site and downloading malware believing it to be something else.

The recent generation of web browsers has approached this problem with reputation services, just as they have with phishing. Just as phishing sites are often initially blocked by browsers (“…this is a reported phishing web site”) based partly on blacklists of domains and IP addresses, so are malware sites being blocked.

NSS Labs’ tests came up with these results overall:

Browser            Malware Catch Rate
IE8 (RC1)          69%
Firefox 3.07       30%
Safari v3          24%
Chrome 1.0.154     16%
Opera 9.84         5%
IE7                4%

You don’t have to think ill of NSS Labs to realize that it’s hard to take the results completely seriously until they are confirmed by a source not funded by Microsoft. They didn’t publish the exact sample URLs so an exact replica can’t be performed, and in any event such sites are highly transient. But replicating the basic idea of the test is an excellent idea for anyone with access to enough malware and a decent lab.

The other important take-away from this is that even the best numbers from IE8 are low. Protection such as this is a good defense-in-depth measure, but it’s no substitute for a good anti-malware program and other protections, such as least-privileged access.


Browser Showdown: IE 8 vs. Firefox

March 20th, 2009

Microsoft Internet Explorer 8 is here at last–the newest entry into the ongoing browser wars. Microsoft packed a healthy number of new features into IE 8, and made security a top priority in its newest version of this venerable Web browser.

But just as important as all that is browsing speed–that is, how quickly can IE 8 render your favorite Web sites? To get an idea of how IE 8 compares, we put it to the test.

Our Speed-Test Methodology

In our browser speed comparison, we pitted a near-final build of Internet Explorer 8 against Firefox 3.0.7, the current non-beta version of Mozilla’s browser. We used a set of nine popular Web sites in our testing: Amazon, MySpace, Yahoo, PC World, YouTube, Microsoft, Apple, eBay, and Wikipedia. To ensure we could gather as accurate page-loading times as possible, we recorded our testing sessions for review later on.

We loaded each site ten times in each of the browsers and repeated the process the following day to rule out any network traffic or server issues. Prior to each test run, we cleared the browsers’ caches as well. We also repeated the load tests to ensure that we had sufficient data to identify loading speed trends. To ensure consistent results, we performed testing on a fresh Windows Vista installation, and we reinstalled the operating system before each round of testing. Additionally, we removed the two best and two worst scores for each page load test to produce more consistent results.

Browser testing can be tricky, as different browsers measure page loading progress differently, so getting a read of page load times strictly by the browser’s progress bar could result in inaccurate or inconsistent results. Have all the images appeared? Are there elements of the page that have yet to load even though the browser’s status indicator suggests otherwise? These are questions we take into account when testing browsers. Given this, we took into account visual indications of a page’s loading progress, rather than relying on what the browser’s progress bars told us.

The Speed-Test Results

By and large, we found that Internet Explorer 8 performed well, and beat out Firefox 3.0.7 in the majority of our time trials.

However, IE 8’s performance advantage is relatively negligible. In most of our testing, IE 8’s advantage was half a second or less. One notable exception, however, was in loading the English-language Wikipedia home page, where IE 8 beat out Firefox by an average of one second (IE 8 took about 2.2 seconds to load the page on average, while Firefox 3 took about 3.3 seconds). Also of note: on average, IE 8 loaded Apple’s home page nearly twice as quickly as Firefox.

IE 8 is Faster, But Will You Notice?

In practical, everyday use, you likely won’t notice much of a difference between IE 8 and Firefox 3. Due to the fact that broadband connections are so commonplace today, and the fact that browsers in general can load pages faster than they could even a couple years ago, the page load time differences between the two are relatively moot. If you use Firefox and are happy with it, you may as well stick with it. That said, it is encouraging to see browser vendors compete with each other, and aim to ship the fastest Web browsers they possibly can.


Iomega Adds BitTorrent Support to NAS

March 19th, 2009

On Tuesday, EMC’s Iomega division announced a series of free upgrades to its StorCenter ix2 NAS appliance, adding PC-less BitTorrent downloads, remote access, and improved Mac support.

Iomega introduced the StorCenter ix2 last October, pledging that the NAS would be a platform as well as a storage unit, part of a way to differentiate the StorCenter from the dozens of rival products in the market. The new features will ship as part of the existing 1- and 2-terabyte StorCenter ix2s, and existing owners can get them via an Iomega update.

The update adds five new features. Of the most interest to enthusiasts will be the native support for the BitTorrent protocol, which means that users can download torrent files without the need for a PC. This was a hot feature a couple of years ago, with Orb Networks, Netgear, and Asus and some lower-profile NAS products. It’s not quite clear whether support will be built in for white- and black-listing IP addresses to prevent third-party snooping.

Remote-access capabilities will be free for the first year and $9.95 annually thereafter. With remote access, users can apply for a special Web address and use it as a Web-based FTP protocol for uploading and downloading files remotely. Users will be able to purchase custom URLs for an additional charge, Iomega said.

The last three enhancements are a bit more prosaic: folder quotas, to prevent Junior’s movie collection from hogging the entire storage space; jumbo frames, a technology to help improve the speed of large file transfers; and Apple File Protocol support, for improved interaction with Apple OS X machines.

DLNA, UPnP, and Bluetooth support are already built in.

“With the simplest set-up process in the industry, the ix2 not only provides home and small business network storage users with such important features as media serving, Bluetooth and video surveillance capabilities, now we’ve added remote access so users can connect to their files from anywhere in the world, as well as the new standard in peer-to-peer file sharing and much more,” said Jonathan Huberman, president of Iomega and the Consumer and Small Business Products Division of EMC, in a statement. “That’s the power of network computing with Iomega and EMC.”

The 1TB StorCenter ix2 Network Storage appliance is available worldwide for $299.95; the 2TB model is available for $479.95.


Techshow 10-03-09

March 19th, 2009


Let The Hands Do The Talking

March 3rd, 2009

Your hands are gesturing but I do not understand! Is it me or are your hands telling me something?

Comprehending sign language is not an easy task, but should that be a hindrance for communication between you and a vocally challenged person?
I guessed not, hence this Sign Language Translator will be the apt solution for you to transcend borders of gesture-based communication.

The device is neat and easy; a no-fuss pendant with a sensory camera that captures the hand motions. Translating the gestures into voice modulations, it makes it possible for an impaired person to communicate effectively. A choice of pre-recorded voices adds a bit of funk to the device.

To operate the Sign Language Translator one has to click the bottom part to expose the speakers.
To increase the volume, just open the speaker wider.
To turn it off, just click it back and shut it.
Simple, straightforward…so let’s TALK!


Back up – Preventing your data from Disaster

March 3rd, 2009

The consequences of not backing up data need no explanation. Just imagine this: You turn on your computer and nothing happens. The hard drive is gone, all the data on it is gone, and there’s nothing you can do to get that data back. If that thought doesn’t make you want to put down this magazine and back up everything on your computer immediately, then nothing will.
Unfortunately, backing up data is a chore. In fact, according to a survey undertaken by PC Pitstop, 26.5% of the 4,084 respondents never back up their data at all. Many backup programs are readily available, but they are packed with enough features to confuse anyone. Furthermore, selecting the wrong type of backup when using these types of programs can actually do more harm than good, depending on how you want to store your data.
The articles in the following section will tell you everything you need to know about specific backup media, applications, and services and how best to use them; but before reading those, you need to understand the basics of backup.

Full Backups
When most people think of backups, they think of full backups, which copy everything on the hard drive. The most thorough method of performing a full backup is called drive cloning, which copies everything, including Windows files that are needed if you want to restore your computer to working order after a complete hard drive failure. Less thorough full backups simply copy all user files on the system and leave Windows system files alone. Full backups that are not modified (such as those stored on recordable DVDs) are called archives, because the files within the backup never change. Full backups are very inefficient in terms of the time it takes to create the backup and also in terms of storage space required because so much data is copied. In general, you make a full backup once and then use the following more efficient backup methods to keep it updated day-to-day.

Incremental & Differential Backups
A major feature to look for when buying backup software is its ability to perform incremental and/or differential backups. These maintain backups of the latest versions of your files in two different ways. Incremental backups copy only the data that has been changed since a file was last backed up, meaning incremental backup jobs complete very quickly and don’t require a lot of storage space. The downside is that restoring files from an incremental backup can be a lengthy process because the backup software has to stitch multiple backups together to create the whole file. Differential backups create a completely new copy of a file that has been changed. It takes longer to perform a differential backup because more data is copied relative to an incremental backup, but restoring data is much faster relative to an incremental backup because complete copies of backed up files are instantly available. Some software also lets you configure differential backups so that older copies of backed-up files are retained when the new copy is backed up. This is called versioning, as it lets you maintain an archive of different versions of the same file so you can easily revert to an earlier revision of a file whenever you wish.